“Pics for MSN Friends” Steal Your MSN Passwords

Recently, I am getting strange URL from my MSN friends. Clicking the link will lead to a “Pics for MSN Friends” web page with a login form asking for your msn email and password. DO NOT submit it!

pics for msn friends

Do not fall into the trap! If you submit your email and password, they will use your MSN account to send messages to your friends on your behalf.

Quote from the “pics for MSN friends” site:

We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.

That’s scary!

There is a Terms of Use / Privacy Policy at the bottom of the page. Basically, it tells you that they have the right to use your MSN account to spread unwanted messages. The page appears to be created by “TST Management, Inc”

There are many variants of the URL but all have the same login form. For more information on terms and conditions of the page, please refer to the great write-up of Jalaj.

What happens if I submitted the form?

Your MSN friends will probably get the same URL from your account and thought it is from you. They might be the next victims and then send the same URL to the friends of your friends…

What should I do?

In order to stop the unauthorized access to your MSN account, you should change your MSN Passport account’s password, in other word, change your Hotmail password.

My two cents

Never ever submit your account information to an unknown website. Don’t trust the links from your instant messaging friends. They might not know what happened. It is good to confirm with them about the link they sent.

Share this:

10 thoughts on ““Pics for MSN Friends” Steal Your MSN Passwords”

  1. Also, to stop this web phising, one should report it. I always report whenever I receive any email or IM message that prompt for login details. There has been a lot of instances of phishing for our online banking login as well.

    To report

    Firefox: Go to HELP > WEB FORGERY. This will sen the site info to Google database that will warn you phising websites in the future.

    Internet Explorer: Go to TOOLS > PHISIHING FILTER > REPORT THIS WEBSITE.

    Reply
  2. Microsoft might also be interested in this highjacking of their user’s accounts and spam.

    In the meantime… is anyone interested in submitting piles of made up account information to this phishing form? ;)

    Reply
  3. I will never click on the link that sent from my friend. Unless they told me about the website. It is always better to take precaution.

    Reply
  4. yup receive those via IM too but didn’t take the bait. Anyway thanks letting everyone know about this scam. :)

    Reply
  5. Yes..been receiving it twice this month.
    with an address something like your friends name @msn..bla bla bla

    well never fall to anything like this anymore,i’ve learn my lesson last time.

    Reply

Leave a Comment